From 608da94aafe4720726b68c7dae3636a233132fed Mon Sep 17 00:00:00 2001 From: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Date: Wed, 1 Jun 2022 09:41:20 -0700 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Raw=20results=20for=20Packaging=20c?= =?UTF-8?q?heck=20(#1913)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * update * update * update * update * update * update * update * updates * update * update * update * update * update * update * comments --- checker/raw_result.go | 21 ++ checks/evaluation/packaging.go | 89 +++++++ checks/fileparser/github_workflow.go | 38 +++ checks/packaging.go | 183 +------------ checks/permissions.go | 125 +++++++++ checks/raw/packaging.go | 243 ++++++++++++++++++ checks/{ => raw}/packaging_test.go | 13 +- .../github-workflow-packaging-cargo.yaml | 0 ...thub-workflow-packaging-docker-action.yaml | 0 ...github-workflow-packaging-docker-push.yaml | 0 .../github-workflow-packaging-gem.yaml | 0 .../github-workflow-packaging-go.yaml | 0 .../github-workflow-packaging-gradle.yaml | 0 .../github-workflow-packaging-maven.yaml | 0 .../github-workflow-packaging-npm-github.yaml | 0 .../github-workflow-packaging-npm.yaml | 0 .../github-workflow-packaging-nuget.yaml | 0 .../github-workflow-packaging-pypi.yaml | 0 ...low-packaging-python-semantic-release.yaml | 24 -- e2e/packaging_test.go | 4 +- go.sum | 69 +++++ pkg/json_raw_results.go | 101 ++++++-- 22 files changed, 678 insertions(+), 232 deletions(-) create mode 100644 checks/evaluation/packaging.go create mode 100644 checks/raw/packaging.go rename checks/{ => raw}/packaging_test.go (90%) rename checks/{ => raw}/testdata/.github/workflows/github-workflow-packaging-cargo.yaml (100%) rename checks/{ => raw}/testdata/.github/workflows/github-workflow-packaging-docker-action.yaml (100%) rename checks/{ => raw}/testdata/.github/workflows/github-workflow-packaging-docker-push.yaml (100%) rename checks/{ => raw}/testdata/.github/workflows/github-workflow-packaging-gem.yaml (100%) rename checks/{ => raw}/testdata/.github/workflows/github-workflow-packaging-go.yaml (100%) rename checks/{ => raw}/testdata/.github/workflows/github-workflow-packaging-gradle.yaml (100%) rename checks/{ => raw}/testdata/.github/workflows/github-workflow-packaging-maven.yaml (100%) rename checks/{ => raw}/testdata/.github/workflows/github-workflow-packaging-npm-github.yaml (100%) rename checks/{ => raw}/testdata/.github/workflows/github-workflow-packaging-npm.yaml (100%) rename checks/{ => raw}/testdata/.github/workflows/github-workflow-packaging-nuget.yaml (100%) rename checks/{ => raw}/testdata/.github/workflows/github-workflow-packaging-pypi.yaml (100%) delete mode 100644 checks/testdata/github-workflow-packaging-python-semantic-release.yaml diff --git a/checker/raw_result.go b/checker/raw_result.go index c0c9eeed..dbf69563 100644 --- a/checker/raw_result.go +++ b/checker/raw_result.go @@ -22,6 +22,7 @@ import ( // is applied. //nolint type RawResults struct { + PackagingResults PackagingData CIIBestPracticesResults CIIBestPracticesData DangerousWorkflowResults DangerousWorkflowData VulnerabilitiesResults VulnerabilitiesData @@ -43,6 +44,26 @@ type FuzzingData struct { Fuzzers []Tool } +// TODO: Add Msg to all results. + +// PackagingData contains results for the Packaging check. +type PackagingData struct { + Packages []Package +} + +// Package represents a package. +// nolint +type Package struct { + // TODO: not supported yet. This needs to be unique across + // ecosystems: purl, OSV, CPE, etc. + Name *string + Job *WorkflowJob + File *File + // Note: Msg is populated only for debug messages. + Msg *string + Runs []Run +} + // MaintainedData contains the raw results // for the Maintained check. type MaintainedData struct { diff --git a/checks/evaluation/packaging.go b/checks/evaluation/packaging.go new file mode 100644 index 00000000..f869c92e --- /dev/null +++ b/checks/evaluation/packaging.go @@ -0,0 +1,89 @@ +// Copyright 2021 Security Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package evaluation + +import ( + "fmt" + + "github.com/ossf/scorecard/v4/checker" + sce "github.com/ossf/scorecard/v4/errors" +) + +// Packaging applies the score policy for the Packaging check. +func Packaging(name string, dl checker.DetailLogger, r *checker.PackagingData) checker.CheckResult { + if r == nil { + e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data") + return checker.CreateRuntimeErrorResult(name, e) + } + + pass := false + for _, p := range r.Packages { + if p.Msg != nil { + // This is a debug message. Let's just replay the message. + dl.Debug(&checker.LogMessage{ + Text: *p.Msg, + }) + continue + } + + // Presence of a single non-debug message means the + // check passes. + pass = true + + msg, err := createLogMessage(p) + if err != nil { + return checker.CreateRuntimeErrorResult(name, err) + } + dl.Info(&msg) + } + + if pass { + return checker.CreateMaxScoreResult(name, + "publishing workflow detected") + } + + dl.Warn(&checker.LogMessage{ + Text: "no GitHub publishing workflow detected", + }) + + return checker.CreateInconclusiveResult(name, + "no published package detected") +} + +func createLogMessage(p checker.Package) (checker.LogMessage, error) { + var msg checker.LogMessage + + if p.Msg != nil { + return msg, sce.WithMessage(sce.ErrScorecardInternal, "Msg should be nil") + } + + if p.File == nil { + return msg, sce.WithMessage(sce.ErrScorecardInternal, "File field is nil") + } + + if p.File != nil { + msg.Path = p.File.Path + msg.Type = p.File.Type + msg.Offset = p.File.Offset + } + + if len(p.Runs) == 0 { + return msg, sce.WithMessage(sce.ErrScorecardInternal, "no run data") + } + + msg.Text = fmt.Sprintf("GitHub publishing workflow used in run %s", p.Runs[0].URL) + + return msg, nil +} diff --git a/checks/fileparser/github_workflow.go b/checks/fileparser/github_workflow.go index 89ed8e9c..d47dfa96 100644 --- a/checks/fileparser/github_workflow.go +++ b/checks/fileparser/github_workflow.go @@ -330,6 +330,44 @@ type JobMatcherStep struct { Run string } +// JobMatchResult represents the result of a matche. +type JobMatchResult struct { + Msg string + File checker.File +} + +// RawAnyJobsMatch returns true if any of the jobs have a match in the given workflow. +// TODO: Rename after migraiton is complete. +func RawAnyJobsMatch(workflow *actionlint.Workflow, jobMatchers []JobMatcher, fp string, + logMsgNoMatch string, +) (JobMatchResult, bool) { + for _, job := range workflow.Jobs { + for _, matcher := range jobMatchers { + if !matcher.matches(job) { + continue + } + + return JobMatchResult{ + File: checker.File{ + Path: fp, + Type: checker.FileTypeSource, + Offset: GetLineNumber(job.Pos), + }, + Msg: fmt.Sprintf("%v: %v", matcher.LogText, fp), + }, true + } + } + + return JobMatchResult{ + File: checker.File{ + Path: fp, + Type: checker.FileTypeSource, + Offset: checker.OffsetDefault, + }, + Msg: fmt.Sprintf("%v: %v", logMsgNoMatch, fp), + }, false +} + // AnyJobsMatch returns true if any of the jobs have a match in the given workflow. func AnyJobsMatch(workflow *actionlint.Workflow, jobMatchers []JobMatcher, fp string, dl checker.DetailLogger, logMsgNoMatch string, diff --git a/checks/packaging.go b/checks/packaging.go index aa0f752e..6f937cb4 100644 --- a/checks/packaging.go +++ b/checks/packaging.go @@ -15,13 +15,9 @@ package checks import ( - "fmt" - "path/filepath" - - "github.com/rhysd/actionlint" - "github.com/ossf/scorecard/v4/checker" - "github.com/ossf/scorecard/v4/checks/fileparser" + "github.com/ossf/scorecard/v4/checks/evaluation" + "github.com/ossf/scorecard/v4/checks/raw" sce "github.com/ossf/scorecard/v4/errors" ) @@ -38,179 +34,16 @@ func init() { // Packaging runs Packaging check. func Packaging(c *checker.CheckRequest) checker.CheckResult { - matchedFiles, err := c.RepoClient.ListFiles(fileparser.IsGithubWorkflowFileCb) + rawData, err := raw.Packaging(c) if err != nil { - e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("RepoClient.ListFiles: %v", err)) + e := sce.WithMessage(sce.ErrScorecardInternal, err.Error()) return checker.CreateRuntimeErrorResult(CheckPackaging, e) } - for _, fp := range matchedFiles { - fc, err := c.RepoClient.GetFileContent(fp) - if err != nil { - e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("RepoClient.GetFileContent: %v", err)) - return checker.CreateRuntimeErrorResult(CheckPackaging, e) - } - - workflow, errs := actionlint.Parse(fc) - if len(errs) > 0 && workflow == nil { - e := fileparser.FormatActionlintError(errs) - return checker.CreateRuntimeErrorResult(CheckPackaging, e) - } - if !isPackagingWorkflow(workflow, fp, c.Dlogger) { - continue - } - - runs, err := c.RepoClient.ListSuccessfulWorkflowRuns(filepath.Base(fp)) - if err != nil { - e := sce.WithMessage(sce.ErrScorecardInternal, fmt.Sprintf("Client.Actions.ListWorkflowRunsByFileName: %v", err)) - return checker.CreateRuntimeErrorResult(CheckPackaging, e) - } - if len(runs) > 0 { - c.Dlogger.Info(&checker.LogMessage{ - Path: fp, - Type: checker.FileTypeSource, - Offset: checker.OffsetDefault, - Text: fmt.Sprintf("GitHub publishing workflow used in run %s", runs[0].URL), - }) - return checker.CreateMaxScoreResult(CheckPackaging, - "publishing workflow detected") - } - c.Dlogger.Debug(&checker.LogMessage{ - Path: fp, - Type: checker.FileTypeSource, - Offset: checker.OffsetDefault, - Text: "GitHub publishing workflow not used in runs", - }) + // Set the raw results. + if c.RawResults != nil { + c.RawResults.PackagingResults = rawData } - c.Dlogger.Warn(&checker.LogMessage{ - Text: "no GitHub publishing workflow detected", - }) - - return checker.CreateInconclusiveResult(CheckPackaging, - "no published package detected") -} - -// A packaging workflow. -func isPackagingWorkflow(workflow *actionlint.Workflow, fp string, dl checker.DetailLogger) bool { - jobMatchers := []fileparser.JobMatcher{ - { - Steps: []*fileparser.JobMatcherStep{ - { - Uses: "actions/setup-node", - With: map[string]string{"registry-url": "https://registry.npmjs.org"}, - }, - { - Run: "npm.*publish", - }, - }, - LogText: "candidate node publishing workflow using npm", - }, - { - // Java packages with maven. - Steps: []*fileparser.JobMatcherStep{ - { - Uses: "actions/setup-java", - }, - { - Run: "mvn.*deploy", - }, - }, - LogText: "candidate java publishing workflow using maven", - }, - { - // Java packages with gradle. - Steps: []*fileparser.JobMatcherStep{ - { - Uses: "actions/setup-java", - }, - { - Run: "gradle.*publish", - }, - }, - LogText: "candidate java publishing workflow using gradle", - }, - { - // Ruby packages. - Steps: []*fileparser.JobMatcherStep{ - { - Run: "gem.*push", - }, - }, - LogText: "candidate ruby publishing workflow using gem", - }, - { - // NuGet packages. - Steps: []*fileparser.JobMatcherStep{ - { - Run: "nuget.*push", - }, - }, - LogText: "candidate nuget publishing workflow", - }, - { - // Docker packages. - Steps: []*fileparser.JobMatcherStep{ - { - Run: "docker.*push", - }, - }, - LogText: "candidate docker publishing workflow", - }, - { - // Docker packages. - Steps: []*fileparser.JobMatcherStep{ - { - Uses: "docker/build-push-action", - }, - }, - LogText: "candidate docker publishing workflow", - }, - { - // Python packages. - Steps: []*fileparser.JobMatcherStep{ - { - Uses: "actions/setup-python", - }, - { - Uses: "pypa/gh-action-pypi-publish", - }, - }, - LogText: "candidate python publishing workflow using pypi", - }, - { - // Python packages. - // This is a custom Python packaging workflow based on semantic versioning. - // TODO(#1642): accept custom workflows through a separate configuration. - Steps: []*fileparser.JobMatcherStep{ - { - Uses: "relekang/python-semantic-release", - }, - }, - LogText: "candidate python publishing workflow using python-semantic-release", - }, - { - // Go packages. - Steps: []*fileparser.JobMatcherStep{ - { - Uses: "actions/setup-go", - }, - { - Uses: "goreleaser/goreleaser-action", - }, - }, - LogText: "candidate golang publishing workflow", - }, - { - // Rust packages. https://doc.rust-lang.org/cargo/reference/publishing.html - Steps: []*fileparser.JobMatcherStep{ - { - Run: "cargo.*publish", - }, - }, - LogText: "candidate rust publishing workflow using cargo", - }, - } - - return fileparser.AnyJobsMatch(workflow, jobMatchers, fp, dl, "not a publishing workflow") + return evaluation.Packaging(CheckPackaging, c.Dlogger, &rawData) } diff --git a/checks/permissions.go b/checks/permissions.go index f1ee6729..70324e6c 100644 --- a/checks/permissions.go +++ b/checks/permissions.go @@ -613,3 +613,128 @@ func isReleasingWorkflow(workflow *actionlint.Workflow, fp string, dl checker.De return fileparser.AnyJobsMatch(workflow, jobMatchers, fp, dl, "not a releasing workflow") } + +// TODO: remove when migrated to raw results. +// Should be using the definition in raw/packaging.go +func isPackagingWorkflow(workflow *actionlint.Workflow, fp string, dl checker.DetailLogger) bool { + jobMatchers := []fileparser.JobMatcher{ + { + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "actions/setup-node", + With: map[string]string{"registry-url": "https://registry.npmjs.org"}, + }, + { + Run: "npm.*publish", + }, + }, + LogText: "candidate node publishing workflow using npm", + }, + { + // Java packages with maven. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "actions/setup-java", + }, + { + Run: "mvn.*deploy", + }, + }, + LogText: "candidate java publishing workflow using maven", + }, + { + // Java packages with gradle. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "actions/setup-java", + }, + { + Run: "gradle.*publish", + }, + }, + LogText: "candidate java publishing workflow using gradle", + }, + { + // Ruby packages. + Steps: []*fileparser.JobMatcherStep{ + { + Run: "gem.*push", + }, + }, + LogText: "candidate ruby publishing workflow using gem", + }, + { + // NuGet packages. + Steps: []*fileparser.JobMatcherStep{ + { + Run: "nuget.*push", + }, + }, + LogText: "candidate nuget publishing workflow", + }, + { + // Docker packages. + Steps: []*fileparser.JobMatcherStep{ + { + Run: "docker.*push", + }, + }, + LogText: "candidate docker publishing workflow", + }, + { + // Docker packages. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "docker/build-push-action", + }, + }, + LogText: "candidate docker publishing workflow", + }, + { + // Python packages. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "actions/setup-python", + }, + { + Uses: "pypa/gh-action-pypi-publish", + }, + }, + LogText: "candidate python publishing workflow using pypi", + }, + { + // Python packages. + // This is a custom Python packaging workflow based on semantic versioning. + // TODO(#1642): accept custom workflows through a separate configuration. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "relekang/python-semantic-release", + }, + }, + LogText: "candidate python publishing workflow using python-semantic-release", + }, + { + // Go packages. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "actions/setup-go", + }, + { + Uses: "goreleaser/goreleaser-action", + }, + }, + LogText: "candidate golang publishing workflow", + }, + { + // Rust packages. https://doc.rust-lang.org/cargo/reference/publishing.html + Steps: []*fileparser.JobMatcherStep{ + { + Run: "cargo.*publish", + }, + }, + LogText: "candidate rust publishing workflow using cargo", + }, + } + + return fileparser.AnyJobsMatch(workflow, jobMatchers, fp, dl, "not a publishing workflow") +} diff --git a/checks/raw/packaging.go b/checks/raw/packaging.go new file mode 100644 index 00000000..ec22e5ba --- /dev/null +++ b/checks/raw/packaging.go @@ -0,0 +1,243 @@ +// Copyright 2020 Security Scorecard Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package raw + +import ( + "fmt" + "path/filepath" + + "github.com/rhysd/actionlint" + + "github.com/ossf/scorecard/v4/checker" + "github.com/ossf/scorecard/v4/checks/fileparser" +) + +// Packaging checks for packages. +func Packaging(c *checker.CheckRequest) (checker.PackagingData, error) { + var data checker.PackagingData + matchedFiles, err := c.RepoClient.ListFiles(fileparser.IsGithubWorkflowFileCb) + if err != nil { + return data, fmt.Errorf("%w", err) + } + if err != nil { + return data, fmt.Errorf("RepoClient.ListFiles: %w", err) + } + + for _, fp := range matchedFiles { + fc, err := c.RepoClient.GetFileContent(fp) + if err != nil { + return data, fmt.Errorf("RepoClient.GetFileContent: %w", err) + } + + workflow, errs := actionlint.Parse(fc) + if len(errs) > 0 && workflow == nil { + e := fileparser.FormatActionlintError(errs) + return data, e + } + + // Check if it's a packaging workflow. + match, ok := isPackagingWorkflow(workflow, fp) + // Always print debug messages. + data.Packages = append(data.Packages, + checker.Package{ + Msg: &match.Msg, + File: &checker.File{ + Path: fp, + Type: checker.FileTypeSource, + Offset: checker.OffsetDefault, + }, + }, + ) + if !ok { + continue + } + + runs, err := c.RepoClient.ListSuccessfulWorkflowRuns(filepath.Base(fp)) + if err != nil { + return data, fmt.Errorf("Client.Actions.ListWorkflowRunsByFileName: %w", err) + } + + if len(runs) > 0 { + // Create package. + pkg := checker.Package{ + File: &checker.File{ + Path: fp, + Type: checker.FileTypeSource, + Offset: match.File.Offset, + }, + Runs: []checker.Run{ + { + URL: runs[0].URL, + }, + }, + } + // Create runs. + for _, run := range runs { + pkg.Runs = append(pkg.Runs, + checker.Run{ + URL: run.URL, + }, + ) + } + data.Packages = append(data.Packages, pkg) + + return data, nil + } + + data.Packages = append(data.Packages, + checker.Package{ + // Debug message. + Msg: stringPointer(fmt.Sprintf("GitHub publishing workflow not used in runs: %v", fp)), + File: &checker.File{ + Path: fp, + Type: checker.FileTypeSource, + Offset: checker.OffsetDefault, + }, + // TODO: Job + }, + ) + } + + // Return raw results. + return data, nil +} + +func stringPointer(s string) *string { + return &s +} + +// A packaging workflow. +func isPackagingWorkflow(workflow *actionlint.Workflow, fp string) (fileparser.JobMatchResult, bool) { + jobMatchers := []fileparser.JobMatcher{ + { + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "actions/setup-node", + With: map[string]string{"registry-url": "https://registry.npmjs.org"}, + }, + { + Run: "npm.*publish", + }, + }, + LogText: "candidate node publishing workflow using npm", + }, + { + // Java packages with maven. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "actions/setup-java", + }, + { + Run: "mvn.*deploy", + }, + }, + LogText: "candidate java publishing workflow using maven", + }, + { + // Java packages with gradle. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "actions/setup-java", + }, + { + Run: "gradle.*publish", + }, + }, + LogText: "candidate java publishing workflow using gradle", + }, + { + // Ruby packages. + Steps: []*fileparser.JobMatcherStep{ + { + Run: "gem.*push", + }, + }, + LogText: "candidate ruby publishing workflow using gem", + }, + { + // NuGet packages. + Steps: []*fileparser.JobMatcherStep{ + { + Run: "nuget.*push", + }, + }, + LogText: "candidate nuget publishing workflow", + }, + { + // Docker packages. + Steps: []*fileparser.JobMatcherStep{ + { + Run: "docker.*push", + }, + }, + LogText: "candidate docker publishing workflow", + }, + { + // Docker packages. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "docker/build-push-action", + }, + }, + LogText: "candidate docker publishing workflow", + }, + { + // Python packages. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "actions/setup-python", + }, + { + Uses: "pypa/gh-action-pypi-publish", + }, + }, + LogText: "candidate python publishing workflow using pypi", + }, + { + // Python packages. + // This is a custom Python packaging workflow based on semantic versioning. + // TODO(#1642): accept custom workflows through a separate configuration. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "relekang/python-semantic-release", + }, + }, + LogText: "candidate python publishing workflow using python-semantic-release", + }, + { + // Go packages. + Steps: []*fileparser.JobMatcherStep{ + { + Uses: "actions/setup-go", + }, + { + Uses: "goreleaser/goreleaser-action", + }, + }, + LogText: "candidate golang publishing workflow", + }, + { + // Rust packages. https://doc.rust-lang.org/cargo/reference/publishing.html + Steps: []*fileparser.JobMatcherStep{ + { + Run: "cargo.*publish", + }, + }, + LogText: "candidate rust publishing workflow using cargo", + }, + } + + return fileparser.RawAnyJobsMatch(workflow, jobMatchers, fp, "not a publishing workflow") +} diff --git a/checks/packaging_test.go b/checks/raw/packaging_test.go similarity index 90% rename from checks/packaging_test.go rename to checks/raw/packaging_test.go index 6c44f300..058ed9c0 100644 --- a/checks/packaging_test.go +++ b/checks/raw/packaging_test.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package checks +package raw import ( "fmt" @@ -21,8 +21,6 @@ import ( "testing" "github.com/rhysd/actionlint" - - scut "github.com/ossf/scorecard/v4/utests" ) func TestIsPackagingWorkflow(t *testing.T) { @@ -80,7 +78,7 @@ func TestIsPackagingWorkflow(t *testing.T) { }, { name: "python semantic release publish", - filename: "./testdata/github-workflow-packaging-python-semantic-release.yaml", + filename: "./testdata/.github/workflows/github-workflow-packaging-python-semantic-release.yaml", expected: true, }, { @@ -106,12 +104,11 @@ func TestIsPackagingWorkflow(t *testing.T) { if len(errs) > 0 && workflow == nil { panic(fmt.Errorf("cannot parse file: %w", err)) } - dl := scut.TestDetailLogger{} p := strings.Replace(tt.filename, "./testdata/", "", 1) - result := isPackagingWorkflow(workflow, p, &dl) - if result != tt.expected { - t.Errorf("isPackagingWorkflow() = %v, expected %v", result, tt.expected) + _, ok := isPackagingWorkflow(workflow, p) + if ok != tt.expected { + t.Errorf("isPackagingWorkflow() = %v, expected %v", ok, tt.expected) } }) } diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-cargo.yaml b/checks/raw/testdata/.github/workflows/github-workflow-packaging-cargo.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-packaging-cargo.yaml rename to checks/raw/testdata/.github/workflows/github-workflow-packaging-cargo.yaml diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-docker-action.yaml b/checks/raw/testdata/.github/workflows/github-workflow-packaging-docker-action.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-packaging-docker-action.yaml rename to checks/raw/testdata/.github/workflows/github-workflow-packaging-docker-action.yaml diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-docker-push.yaml b/checks/raw/testdata/.github/workflows/github-workflow-packaging-docker-push.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-packaging-docker-push.yaml rename to checks/raw/testdata/.github/workflows/github-workflow-packaging-docker-push.yaml diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-gem.yaml b/checks/raw/testdata/.github/workflows/github-workflow-packaging-gem.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-packaging-gem.yaml rename to checks/raw/testdata/.github/workflows/github-workflow-packaging-gem.yaml diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-go.yaml b/checks/raw/testdata/.github/workflows/github-workflow-packaging-go.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-packaging-go.yaml rename to checks/raw/testdata/.github/workflows/github-workflow-packaging-go.yaml diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-gradle.yaml b/checks/raw/testdata/.github/workflows/github-workflow-packaging-gradle.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-packaging-gradle.yaml rename to checks/raw/testdata/.github/workflows/github-workflow-packaging-gradle.yaml diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-maven.yaml b/checks/raw/testdata/.github/workflows/github-workflow-packaging-maven.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-packaging-maven.yaml rename to checks/raw/testdata/.github/workflows/github-workflow-packaging-maven.yaml diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-npm-github.yaml b/checks/raw/testdata/.github/workflows/github-workflow-packaging-npm-github.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-packaging-npm-github.yaml rename to checks/raw/testdata/.github/workflows/github-workflow-packaging-npm-github.yaml diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-npm.yaml b/checks/raw/testdata/.github/workflows/github-workflow-packaging-npm.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-packaging-npm.yaml rename to checks/raw/testdata/.github/workflows/github-workflow-packaging-npm.yaml diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-nuget.yaml b/checks/raw/testdata/.github/workflows/github-workflow-packaging-nuget.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-packaging-nuget.yaml rename to checks/raw/testdata/.github/workflows/github-workflow-packaging-nuget.yaml diff --git a/checks/testdata/.github/workflows/github-workflow-packaging-pypi.yaml b/checks/raw/testdata/.github/workflows/github-workflow-packaging-pypi.yaml similarity index 100% rename from checks/testdata/.github/workflows/github-workflow-packaging-pypi.yaml rename to checks/raw/testdata/.github/workflows/github-workflow-packaging-pypi.yaml diff --git a/checks/testdata/github-workflow-packaging-python-semantic-release.yaml b/checks/testdata/github-workflow-packaging-python-semantic-release.yaml deleted file mode 100644 index 2aae7b3f..00000000 --- a/checks/testdata/github-workflow-packaging-python-semantic-release.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright 2022 Security Scorecard Authors -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -jobs: - publish: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Python Semantic Release - uses: relekang/python-semantic-release@v7.23.0 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - pypi_token: ${{ secrets.TEST_PYPI_API_TOKEN }} diff --git a/e2e/packaging_test.go b/e2e/packaging_test.go index 7c29a9f3..a0abfa33 100644 --- a/e2e/packaging_test.go +++ b/e2e/packaging_test.go @@ -46,8 +46,8 @@ var _ = Describe("E2E TEST:"+checks.CheckPackaging, func() { Error: nil, Score: checker.InconclusiveResultScore, NumberOfWarn: 1, - NumberOfInfo: 1, - NumberOfDebug: 3, + NumberOfInfo: 0, + NumberOfDebug: 4, } result := checks.Packaging(&req) Expect(scut.ValidateTestReturn(nil, "use packaging", &expected, &result, &dl)).Should(BeTrue()) diff --git a/go.sum b/go.sum index 6af40b10..5be5b820 100644 --- a/go.sum +++ b/go.sum @@ -22,6 +22,7 @@ cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKV cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go v0.66.0/go.mod h1:dgqGAjKCDxyhGTtC9dAREQGUJpkceNm1yt590Qno0Ko= cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= @@ -59,6 +60,7 @@ cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSi cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= +cloud.google.com/go/firestore v1.4.0/go.mod h1:NjjGEnxCS3CAKYp+vmALu20QzcqasGodQp48WxJGAYc= cloud.google.com/go/firestore v1.6.1/go.mod h1:asNXNOzBdyVQmEU+ggO8UPodTkEVFW5Qx+rwHnAz+EY= cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= cloud.google.com/go/iam v0.1.1/go.mod h1:CKqrcnI/suGpybEHxZ7BMehL0oA4LpdyJdUlTl9jVMw= @@ -73,6 +75,7 @@ cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2k cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/pubsub v1.9.0/go.mod h1:G3o6/kJvEMIEAN5urdkaP4be49WQsjNiykBIto9LFtY= cloud.google.com/go/pubsub v1.19.0/go.mod h1:/O9kmSe9bb9KRnIAWkzmqhPjHo6LtzGOBYd/kr06XSs= cloud.google.com/go/pubsub v1.21.1 h1:ghu6wlm6WouITmmuwkxGG+6vNRXDaPdAjqLcRdsw3EQ= cloud.google.com/go/pubsub v1.21.1/go.mod h1:u3XGeMBOBCIQLcxNzy14Svz88ZFS8vI250uDgIAQDSQ= @@ -82,6 +85,7 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +cloud.google.com/go/storage v1.12.0/go.mod h1:fFLk2dp2oAhDz8QFKwqrjdJvxSp/W2g7nillojlL5Ho= cloud.google.com/go/storage v1.21.0/go.mod h1:XmRlxkgPjlBONznT2dDUU/5XlpU2OjMnKuqnZI01LAA= cloud.google.com/go/storage v1.22.0 h1:NUV0NNp9nkBuW66BFRLuMgldN60C57ET3dhbwLIYio8= cloud.google.com/go/storage v1.22.0/go.mod h1:GbaLEoMqbVm6sx3Z0R++gSiBlgMv6yUi2q1DeGFKQgE= @@ -93,6 +97,7 @@ contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod contrib.go.opencensus.io/exporter/aws v0.0.0-20200617204711-c478e41e60e9/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= +contrib.go.opencensus.io/exporter/stackdriver v0.13.4/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= contrib.go.opencensus.io/exporter/stackdriver v0.13.10/go.mod h1:I5htMbyta491eUxufwwZPQdcKvvgzMB4O9ni41YnIM8= contrib.go.opencensus.io/exporter/stackdriver v0.13.12 h1:bjBKzIf7/TAkxd7L2utGaLM78bmUWlCval5K9UeElbY= contrib.go.opencensus.io/exporter/stackdriver v0.13.12/go.mod h1:mmxnWlrvrFdpiOHOhxBaVi1rkc0WOqhgfknj4Yg0SeQ= @@ -105,6 +110,8 @@ git.apache.org/thrift.git v0.12.0/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqbl github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= github.com/AkihiroSuda/containerd-fuse-overlayfs v1.0.0/go.mod h1:0mMDvQFeLbbn1Wy8P2j3hwFhqBq+FKn8OZPno8WLmp8= github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= +github.com/Azure/azure-amqp-common-go/v3 v3.0.1/go.mod h1:PBIGdzcO1teYoufTKMcGibdKaYZv4avS+O6LNIp8bq0= +github.com/Azure/azure-amqp-common-go/v3 v3.1.0/go.mod h1:PBIGdzcO1teYoufTKMcGibdKaYZv4avS+O6LNIp8bq0= github.com/Azure/azure-amqp-common-go/v3 v3.2.1/go.mod h1:O6X1iYHP7s2x7NjUKsXVhkwWrQhxrd+d8/3rRadj4CI= github.com/Azure/azure-amqp-common-go/v3 v3.2.2/go.mod h1:O6X1iYHP7s2x7NjUKsXVhkwWrQhxrd+d8/3rRadj4CI= github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= @@ -115,18 +122,24 @@ github.com/Azure/azure-sdk-for-go v19.1.1+incompatible/go.mod h1:9XXNKU+eRnpl9mo github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v35.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v37.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v38.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v42.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v49.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v51.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v59.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0= github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= +github.com/Azure/azure-service-bus-go v0.10.7/go.mod h1:o5z/3lDG1iT/T/G7vgIwIqVDTx9Qa2wndf5OdzSzpF8= github.com/Azure/azure-service-bus-go v0.11.5/go.mod h1:MI6ge2CuQWBVq+ly456MY7XqNLJip5LO1iSFodbNLbU= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= +github.com/Azure/azure-storage-blob-go v0.13.0/go.mod h1:pA9kNqtjUeQF2zOSu4s//nUdBD+e64lEuc4sVnuOfNs= github.com/Azure/azure-storage-blob-go v0.14.0 h1:1BCg74AmVdYwO3dlKwtFU1V0wU2PZdREkXvAmZJRUlM= github.com/Azure/azure-storage-blob-go v0.14.0/go.mod h1:SMqIBi+SuiQH32bvyjngEewEeXoPfKMgWlBDaYf6fck= +github.com/Azure/go-amqp v0.13.0/go.mod h1:qj+o8xPCz9tMSbQ83Vp8boHahuRDl5mkNHyt1xlxUTs= +github.com/Azure/go-amqp v0.13.1/go.mod h1:qj+o8xPCz9tMSbQ83Vp8boHahuRDl5mkNHyt1xlxUTs= github.com/Azure/go-amqp v0.16.0/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= github.com/Azure/go-amqp v0.16.4/go.mod h1:9YJ3RhxRT1gquYnzpZO1vcYMMpAdJT+QEg6fwmw9Zlg= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= @@ -141,6 +154,10 @@ github.com/Azure/go-autorest/autorest v0.9.3/go.mod h1:GsRuLYvwzLjjjRoWEIyMUaYq8 github.com/Azure/go-autorest/autorest v0.9.6/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630= github.com/Azure/go-autorest/autorest v0.10.2/go.mod h1:/FALq9T/kS7b5J5qsQ+RSTUdAmGFqi0vUdVNNx8q630= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= +github.com/Azure/go-autorest/autorest v0.11.3/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= +github.com/Azure/go-autorest/autorest v0.11.7/go.mod h1:V6p3pKZx1KKkJubbxnDWrzNhEIfOy/pTGasLqzHIPHs= +github.com/Azure/go-autorest/autorest v0.11.9/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= +github.com/Azure/go-autorest/autorest v0.11.12/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.19/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.22/go.mod h1:BAWYUWGPEtKPzjVkp0Q6an0MJcJDsoh5Z1BFAEFs4Xs= @@ -150,11 +167,15 @@ github.com/Azure/go-autorest/autorest/adal v0.8.1/go.mod h1:ZjhuQClTqx435SRJ2iMl github.com/Azure/go-autorest/autorest/adal v0.8.2/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= github.com/Azure/go-autorest/autorest/adal v0.8.3/go.mod h1:ZjhuQClTqx435SRJ2iMlOxPYt3d2C/T/7TiQCVZSn3Q= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= +github.com/Azure/go-autorest/autorest/adal v0.9.2/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE= +github.com/Azure/go-autorest/autorest/adal v0.9.4/go.mod h1:/3SMAM86bP6wC9Ev35peQDUeqFZBMH07vvUOmg4z/fE= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= +github.com/Azure/go-autorest/autorest/adal v0.9.6/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.14/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.17/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/azure/auth v0.4.2/go.mod h1:90gmfKdlmKgfjUpnCEpOJzsUEjrWDSLwHIG73tSXddM= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.3/go.mod h1:4bJZhUhcq8LB20TruwHbAQsmUs2Xh+QR7utuJpLXX3A= github.com/Azure/go-autorest/autorest/azure/auth v0.5.9/go.mod h1:hg3/1yw0Bq87O3KvvnJoAh34/0zbP7SFizX/qN5JvjU= github.com/Azure/go-autorest/autorest/azure/cli v0.3.1/go.mod h1:ZG5p860J94/0kI9mNJVoIoLgXcirM2gF5i2kWloofxw= github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM= @@ -171,6 +192,7 @@ github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsI github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8= github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI= +github.com/Azure/go-autorest/autorest/validation v0.3.0/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/autorest/validation v0.3.1/go.mod h1:yhLgjC0Wda5DYXl6JAsWyUe4KVNffhoDhG0zVzUMo3E= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= @@ -182,6 +204,7 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/Djarvur/go-err113 v0.0.0-20200410182137-af658d038157/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= github.com/Djarvur/go-err113 v0.1.0/go.mod h1:4UJr5HIiMZrwgkSPdsjy2uOQExX/WEILpIrO9UPGuXs= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= +github.com/GoogleCloudPlatform/cloudsql-proxy v1.19.1/go.mod h1:+yYmuKqcBVkgRePGpUhTA9OEg0XsnFE96eZ6nJ2yCQM= github.com/GoogleCloudPlatform/cloudsql-proxy v1.29.0/go.mod h1:spvB9eLJH9dutlbPSRmHvSXXHOwGRyeXh1jVdquA2G8= github.com/GoogleCloudPlatform/k8s-cloud-provider v0.0.0-20190822182118-27a4ced34534/go.mod h1:iroGtC8B3tQiqtds1l+mgk/BBOrxbqjH+eUfFQYRc14= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= @@ -264,9 +287,11 @@ github.com/aws/aws-sdk-go v1.16.26/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpi github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.31.6/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= +github.com/aws/aws-sdk-go v1.36.1/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.43.31 h1:yJZIr8nMV1hXjAvvOLUFqZRJcHV7udPQBfhJqawDzI0= github.com/aws/aws-sdk-go v1.43.31/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= @@ -329,6 +354,9 @@ github.com/bombsimon/wsl/v2 v2.2.0/go.mod h1:Azh8c3XGEJl9LyX0/sFC+CKMc7Ssgua0g+6 github.com/bombsimon/wsl/v3 v3.0.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc= github.com/bombsimon/wsl/v3 v3.1.0/go.mod h1:st10JtZYLE4D5sC7b8xV4zTKZwAQjCH/Hy2Pm1FNZIc= github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g= +github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA= +github.com/bradleyfalzon/ghinstallation v1.1.1 h1:pmBXkxgM1WeF8QYvDLT5kuQiHMcmf+X015GI0KM/E3I= +github.com/bradleyfalzon/ghinstallation v1.1.1/go.mod h1:vyCmHTciHx/uuyN82Zc3rXN3X2KTK8nUTCrTMwAhcug= github.com/bradleyfalzon/ghinstallation/v2 v2.0.4 h1:tXKVfhE7FcSkhkv0UwkLvPDeZ4kz6OXd0PKPlFqf81M= github.com/bradleyfalzon/ghinstallation/v2 v2.0.4/go.mod h1:B40qPqJxWE0jDZgOR1JmaMy+4AY1eBP+IByOvqyAKp0= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= @@ -532,6 +560,7 @@ github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/denisenkom/go-mssqldb v0.12.0/go.mod h1:iiK0YP1ZeepvmBQk/QpLEhhTNJgfzrpArPY/aFvc9yU= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= @@ -789,6 +818,7 @@ github.com/golangci/prealloc v0.0.0-20180630174525-215b22d4de21/go.mod h1:tf5+bz github.com/golangci/revgrep v0.0.0-20180526074752-d9c87f5ffaf0/go.mod h1:qOQCunEYvmd/TLamH+7LlVccLvUH5kZNhbCgTHoBbp4= github.com/golangci/revgrep v0.0.0-20180812185044-276a5c0a1039/go.mod h1:qOQCunEYvmd/TLamH+7LlVccLvUH5kZNhbCgTHoBbp4= github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg8RkN3rCIMLGE9CyYmU9pY2Jer6DgANEnZ/L/cQ= +github.com/gomodule/redigo v1.8.4/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= github.com/google/btree v0.0.0-20180124185431-e89373fe6b4a/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -817,6 +847,9 @@ github.com/google/go-containerregistry v0.9.0/go.mod h1:9eq4BnSufyT1kHNffX+vSXVo github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY= github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= +github.com/google/go-github/v29 v29.0.2/go.mod h1:CHKiKKPHJ0REzfwc14QMklvtHwCveD0PxlMjLlzAM5E= +github.com/google/go-github/v32 v32.1.0 h1:GWkQOdXqviCPx7Q7Fj+KyPoGm4SwHRh8rheoPhd27II= +github.com/google/go-github/v32 v32.1.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI= github.com/google/go-github/v38 v38.1.0 h1:C6h1FkaITcBFK7gAmq4eFzt6gbhEhk7L5z6R3Uva+po= github.com/google/go-github/v38 v38.1.0/go.mod h1:cStvrz/7nFr0FoENgG6GLbp53WaelXucT+BBz/3VKx4= github.com/google/go-github/v41 v41.0.0 h1:HseJrM2JFf2vfiZJ8anY2hqBjdfY1Vlj/K27ueww4gg= @@ -825,9 +858,11 @@ github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8= github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= +github.com/google/go-replayers/grpcreplay v1.0.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= github.com/google/go-replayers/grpcreplay v1.1.0 h1:S5+I3zYyZ+GQz68OfbURDdt/+cSMqCK1wrvNx7WBzTE= github.com/google/go-replayers/grpcreplay v1.1.0/go.mod h1:qzAvJ8/wi57zq7gWqaE6AwLM6miiXUQwP1S+I9icmhk= github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= +github.com/google/go-replayers/httpreplay v0.1.2/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/go-replayers/httpreplay v1.1.1 h1:H91sIMlt1NZzN7R+/ASswyouLJfW0WLW7fhyUFvDEkY= github.com/google/go-replayers/httpreplay v1.1.1/go.mod h1:gN9GeLIs7l6NUoVaSSnv2RiqK1NiwAmD0MrKeC9IIks= github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= @@ -850,6 +885,7 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200905233945-acf8798be1f7/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= @@ -909,6 +945,7 @@ github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.m github.com/gostaticanalysis/analysisutil v0.0.3/go.mod h1:eEOZF4jCKGi+aprrirO9e7WKB3beBRtWgqGunKl6pKE= github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.2.0/go.mod h1:mJzapYve32yjrKlk9GbyCZHuPgZsrbyIbyKhSzOpg6s= @@ -1096,6 +1133,7 @@ github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= +github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= @@ -1171,6 +1209,7 @@ github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:F github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.3.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/buildkit v0.8.1/go.mod h1:/kyU1hKy/aYCuP39GZA9MaKioovHku57N6cqlKZIaiQ= github.com/moby/buildkit v0.10.3 h1:/dGykD8FW+H4p++q5+KqKEo6gAkYKyBQHdawdjVwVAU= @@ -1211,6 +1250,7 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nakabonne/nestif v0.3.0/go.mod h1:dI314BppzXjJ4HsCnbo7XzrJHPszZsjnk5wEBSYHI2c= +github.com/naveensrinivasan/httpcache v1.2.2/go.mod h1:gpEVVjcTYZA3F1tqYkLqbNvZuf380rhUDaV5OZpyQ88= github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/networkplumbing/go-nft v0.2.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= @@ -1233,6 +1273,7 @@ github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= +github.com/onsi/ginkgo v1.15.2/go.mod h1:Dd6YFfwBW84ETqqtL0CPyPXillHgY6XhQH3uuCCTr/o= github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= @@ -1249,6 +1290,7 @@ github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoT github.com/onsi/gomega v1.9.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc= +github.com/onsi/gomega v1.11.0/go.mod h1:azGKhqFUon9Vuj0YmTfLSmx0FUwqXYSTl5re8lQLTUg= github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.18.1/go.mod h1:0q+aL8jAiMXy9hbwj2mr5GziHiwhAIQpFmmtT5hitRs= @@ -1290,6 +1332,8 @@ github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYr github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/openzipkin/zipkin-go v0.1.3/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= +github.com/ossf/scorecard v1.2.0 h1:Gf12BN29RZDDSev0suW/DwJyhYWH1XHsIqSmpCChgsE= +github.com/ossf/scorecard v1.2.0/go.mod h1:hc0zwnXi2NHq2aru8A/NoNZ9H+DqZZlYbmOw7jjHi/Q= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= @@ -1407,6 +1451,7 @@ github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lz github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= +github.com/shurcooL/githubv4 v0.0.0-20200928013246-d292edc3691b/go.mod h1:hAF0iLZy4td2EX+/8Tw+4nodhlMrwN3HupfaXj3zkGo= github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa h1:jozR3igKlnYCj9IVHOVump59bp07oIRoLQ/CcjMYIUA= github.com/shurcooL/githubv4 v0.0.0-20201206200315-234843c633fa/go.mod h1:hAF0iLZy4td2EX+/8Tw+4nodhlMrwN3HupfaXj3zkGo= github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk= @@ -1477,6 +1522,7 @@ github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69 github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= +github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ= github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= github.com/tdakkota/asciicheck v0.0.0-20200416190851-d7f85be797a2/go.mod h1:yHp0ai0Z9gUljN3o0xMhYJnH/IcvkdTBOX2fmJ93JEM= @@ -1636,10 +1682,12 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= +go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= go4.org v0.0.0-20180809161055-417644f6feb5/go.mod h1:MkTOUMDaeVYJUOUsaDXIhWPZYa1yOyC1qaOBpL57BhE= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= +gocloud.dev v0.22.0/go.mod h1:z3jKIQ0Es9LALVZFQ3wOvwqAsSLq1R5c/2RdmghDucw= gocloud.dev v0.25.0 h1:Y7vDq8xj7SyM848KXf32Krda2e6jQ4CLh/mTeCSqXtk= gocloud.dev v0.25.0/go.mod h1:7HegHVCYZrMiU3IE1qtnzf/vRrDwLYnRNR3EhWX8x9Y= golang.org/x/build v0.0.0-20190314133821-5284462c4bec/go.mod h1:atTaCNAy0f16Ah5aV1gMSwgiKVHwu/JncqDpuRr7lS4= @@ -1652,6 +1700,7 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -1769,6 +1818,7 @@ golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= @@ -1812,6 +1862,7 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201203001011-0b49973bad19/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= @@ -2048,6 +2099,7 @@ golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -2091,12 +2143,18 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200828161849-5deb26317202/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= +golang.org/x/tools v0.0.0-20200915173823-2db8f0ff891c/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= +golang.org/x/tools v0.0.0-20200918232735-d647fc253266/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201202200335-bef1c476418a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201203202102-a1a1cbeaa516/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= @@ -2130,6 +2188,7 @@ google.golang.org/api v0.6.1-0.20190607001116-5213b8090861/go.mod h1:btoxGiFvQNV google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= @@ -2143,6 +2202,8 @@ google.golang.org/api v0.25.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/api v0.31.0/go.mod h1:CL+9IBCa2WWU6gRuBWaKqGWLFFwbEUXkfeMkHLQWYWo= +google.golang.org/api v0.32.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= @@ -2178,6 +2239,7 @@ google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= @@ -2222,11 +2284,15 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200831141814-d751682dd103/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200914193844-75d14daec038/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200921151605-7abf4a1a14d5/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201203001206-6486ece9c497/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -2303,6 +2369,7 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= @@ -2343,6 +2410,7 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= @@ -2483,6 +2551,7 @@ mvdan.cc/sh/v3 v3.5.1 h1:hmP3UOw4f+EYexsJjFxvU38+kn+V/s2CclXHanIBkmQ= mvdan.cc/sh/v3 v3.5.1/go.mod h1:1JcoyAKm1lZw/2bZje/iYKWicU/KMd0rsyJeKHnsK4E= mvdan.cc/unparam v0.0.0-20190720180237-d51796306d8f/go.mod h1:4G1h5nDURzA3bwVMZIVpwbkw+04kSxk3rAtzlimaUJw= mvdan.cc/unparam v0.0.0-20200501210554-b37ab49443f7/go.mod h1:HGC5lll35J70Y5v7vCGb9oLhHoScFwkHDJm/05RdSTc= +nhooyr.io/websocket v1.8.6/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= nhooyr.io/websocket v1.8.7/go.mod h1:B70DZP8IakI65RVQ51MsWP/8jndNma26DVA/nFSCgW0= pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/pkg/json_raw_results.go b/pkg/json_raw_results.go index 7d94d9ae..a1641681 100644 --- a/pkg/json_raw_results.go +++ b/pkg/json_raw_results.go @@ -16,6 +16,7 @@ package pkg import ( "encoding/json" + "errors" "fmt" "io" "time" @@ -41,7 +42,8 @@ type jsonScorecardRawResult struct { type jsonFile struct { Snippet *string `json:"snippet,omitempty"` Path string `json:"path"` - Offset int `json:"offset,omitempty"` + // TODO: change to an uint. + Offset int `json:"offset,omitempty"` } type jsonTool struct { @@ -54,16 +56,16 @@ type jsonTool struct { } type jsonBranchProtectionSettings struct { - RequiredApprovingReviewCount *int32 `json:"required-reviewer-count"` - AllowsDeletions *bool `json:"allows-deletions"` - AllowsForcePushes *bool `json:"allows-force-pushes"` - RequiresCodeOwnerReviews *bool `json:"requires-code-owner-review"` - RequiresLinearHistory *bool `json:"required-linear-history"` - DismissesStaleReviews *bool `json:"dismisses-stale-reviews"` - EnforcesAdmins *bool `json:"enforces-admin"` - RequiresStatusChecks *bool `json:"requires-status-checks"` - RequiresUpToDateBranchBeforeMerging *bool `json:"requires-updated-branches-to-merge"` - StatusCheckContexts []string `json:"status-checks-contexts"` + RequiredApprovingReviewCount *int32 `json:"requiredReviewerCount"` + AllowsDeletions *bool `json:"allowsDeletions"` + AllowsForcePushes *bool `json:"allowsForcePushes"` + RequiresCodeOwnerReviews *bool `json:"requiresCodeOwnerReview"` + RequiresLinearHistory *bool `json:"requiredLinearHistory"` + DismissesStaleReviews *bool `json:"dismissesStaleReviews"` + EnforcesAdmins *bool `json:"enforcesAdmin"` + RequiresStatusChecks *bool `json:"requiresStatuChecks"` + RequiresUpToDateBranchBeforeMerging *bool `json:"requiresUpdatedBranchesToMerge"` + StatusCheckContexts []string `json:"statusChecksContexts"` } type jsonBranchProtection struct { @@ -77,7 +79,7 @@ type jsonReview struct { } type jsonUser struct { - RepoAssociation *string `json:"repo-association,omitempty"` + RepoAssociation *string `json:"repoAssociation,omitempty"` Login string `json:"login"` // Orgnization refers to a GitHub org. Organizations []jsonOrganization `json:"organization,omitempty"` @@ -111,8 +113,8 @@ type jsonMergeRequest struct { type jsonDefaultBranchCommit struct { // ApprovedReviews *jsonApprovedReviews `json:"approved-reviews"` - MergeRequest *jsonMergeRequest `json:"merge-request"` - CommitMessage string `json:"commit-message"` + MergeRequest *jsonMergeRequest `json:"mergeRequest"` + CommitMessage string `json:"commitMessage"` SHA string `json:"sha"` Committer jsonUser `json:"committer"` // TODO: check runs, etc. @@ -131,13 +133,13 @@ type jsonArchivedStatus struct { } type jsonComment struct { - CreatedAt *time.Time `json:"created-at"` + CreatedAt *time.Time `json:"createdAt"` Author *jsonUser `json:"author"` // TODO: add ields if needed, e.g., content. } type jsonIssue struct { - CreatedAt *time.Time `json:"created-at"` + CreatedAt *time.Time `json:"createdAt"` Author *jsonUser `json:"author"` URL string `json:"URL"` Comments []jsonComment `json:"comments"` @@ -178,6 +180,19 @@ type jsonWorkflowJob struct { ID *string `json:"id"` } +// nolint +type jsonPackage struct { + Name *string `json:"name,omitempty"` + Job *jsonWorkflowJob `json:"job,omitempty"` + File *jsonFile `json:"file,omitempty"` + Runs []jsonRun `json:"runs,omitempty"` +} + +type jsonRun struct { + URL string `json:"url"` + // TODO: add fields, e.g., Result=["success", "failure"] +} + //nolint type jsonRawResults struct { // Workflow results. @@ -187,31 +202,67 @@ type jsonRawResults struct { // List of recent issues. RecentIssues []jsonIssue `json:"issues"` // OSSF best practices badge. - OssfBestPractices jsonOssfBestPractices `json:"openssf-best-practices-badge"` + OssfBestPractices jsonOssfBestPractices `json:"openssfBestPracticesBadge"` // Vulnerabilities. - DatabaseVulnerabilities []jsonDatabaseVulnerability `json:"database-vulnerabilities"` + DatabaseVulnerabilities []jsonDatabaseVulnerability `json:"databaseVulnerabilities"` // List of binaries found in the repo. Binaries []jsonFile `json:"binaries"` // List of security policy files found in the repo. // Note: we return one at most. - SecurityPolicies []jsonFile `json:"security-policies"` + SecurityPolicies []jsonFile `json:"securityPolicies"` // List of update tools. // Note: we return one at most. - DependencyUpdateTools []jsonTool `json:"dependency-update-tools"` + DependencyUpdateTools []jsonTool `json:"dependencyUpdateTools"` // Branch protection settings for development and release branches. - BranchProtections []jsonBranchProtection `json:"branch-protections"` + BranchProtections []jsonBranchProtection `json:"json:"branchProtections"` // Contributors. Note: we could use the list of commits instead to store this data. // However, it's harder to get statistics using commit list, so we have a dedicated // structure for it. Contributors jsonContributors `json:"Contributors"` // Commits. - DefaultBranchCommits []jsonDefaultBranchCommit `json:"default-branch-commits"` + DefaultBranchCommits []jsonDefaultBranchCommit `json:"defaultBrancCommits"` // Archived status of the repo. ArchivedStatus jsonArchivedStatus `json:"archived"` // Fuzzers. Fuzzers []jsonTool `json:"fuzzers"` // Releases. Releases []jsonRelease `json:"releases"` + // Packages. + Packages []jsonPackage `json:"packages"` +} + +func (r *jsonScorecardRawResult) addPackagingRawResults(pk *checker.PackagingData) error { + r.Results.Packages = []jsonPackage{} + + for _, p := range pk.Packages { + var jpk jsonPackage + + // Ignore debug messages. + if p.Msg != nil { + continue + } + if p.File == nil { + //nolint + return errors.New("File field is nil") + } + + jpk.File = &jsonFile{ + Path: p.File.Path, + Offset: int(p.File.Offset), + // TODO: Snippet + } + + for _, run := range p.Runs { + jpk.Runs = append(jpk.Runs, + jsonRun{ + URL: run.URL, + }, + ) + } + + r.Results.Packages = append(r.Results.Packages, jpk) + } + return nil } //nolint:unparam @@ -580,6 +631,11 @@ func (r *jsonScorecardRawResult) fillJSONRawResults(raw *checker.RawResults) err return sce.WithMessage(sce.ErrScorecardInternal, err.Error()) } + // Packaging. + if err := r.addPackagingRawResults(&raw.PackagingResults); err != nil { + return sce.WithMessage(sce.ErrScorecardInternal, err.Error()) + } + return nil } @@ -599,7 +655,6 @@ func (r *ScorecardResult) AsRawJSON(writer io.Writer) error { Metadata: r.Metadata, } - // if err := out.fillJSONRawResults(r.Checks[0].RawResults); err != nil { if err := out.fillJSONRawResults(&r.RawResults); err != nil { return err }